NanoWarpWallet is a fork of the original WarpWallet used for making Nano wallets instead of bitcoin ones. It is a deterministic Nano wallet generator. You never have to save or store your secret key anywhere. Just pick a really good passphrase - I recommend using Diceware, an online implementation of which you can find here - and never use it for anything else.

This page is self-contained for portability. Save it on your computer - all the JS, CSS, and images are embedded. It's also hosted on github. See the github repository for information on how to build it yourself from source as well as how to verify that this hosted version is really the same as what you get when you build it from the source on the github repo.

This is not an original idea. bitaddress.org's brainwallet is the original inspiration.

If you want to donate to the author of this version, here are my addresses:

Nano: @gray on Nanode

XRP: r3fMVf7RMkYwEKB12mPm3P8AiYWPYyBgdi

ETH: 0x188a25F12c7ed69B4AF8593950748ea7f9Daa6a1

WarpWallet adds two improvements: (1) WarpWallet uses scrypt to make address generation both memory and time-intensive. And (2) you can "salt" your passphrase with your email address. Though salting is optional, we recommend it. Any attacker of WarpWallet addresses would have to target you individually, rather than netting you in a wider, generic attack. And your email is trivial to remember, so why not?

If you're a programmer and want to implement WarpWallet yourself, here is the algorithm used.

s_{1} | = | scrypt(key=(passphrase||0x1), salt=(salt||0x1), N=2^{18}, r=8, p=1, dkLen=32) |

s_{2} | = | pbkdf2(key=(passphrase||0x2), salt=(salt||0x2), c=2^{16}, dkLen=32, prf=HMAC_SHA256) |

seed | = | s_{1} ⊕ s_{2} |

accountPrivateKey | = | blake2b(seed||accountIndex) |

accountPublicKey | = | ed25519_publickey(accountPrivateKey) |

accountAddress | = | hexToWIF(accountPublicKey) |

"Brainwallets" are often frowned upon in the cryptocurrency community because the safety of a brainwallet is entirely based on how strong of a passphrase you choose to protect it with, and most times the chosen passphrases are not good. NanoWarpWallet takes steps to minimize this by using large iterations of scrypt and pbkdf2 as well as a salt in order to make brute-forcing much more difficult, but this protection is not fool-proof. A bad passphrase will still put your coins at a large risk of being stolen. So, what constitutes a good passphrase?

If you just want to make a good passphrase and don't want to know why it is a good one, I recommend using this generator, which is based on the Diceware method. Then, use a mnemonic peg system to memorize it easily and reliably. If you do want to know why a random phrase from a book or other similar human-generated passphrases are bad, read on.

The strength of a passphrase is calculated using something called "bits of entropy." This is fancy talk for basically saying a fair coin flip. So, to calculate the total number of possibilities that an attacker would have to try to exhaust every possibility given a passphrase's bits of entropy (also known as the *key-space*, you do 2^{bits}. Going forward, it is good to note that an attacker will, on average, have to go through half of the available key-space to find your passphrase. Modern password-cracking infrastructure from a single private entity has been shown to be able to do ~3.5 million hashes per second (or more with a larger, more expensive rig, as some crypto mining entities surely have access to) on scrypt, and we can assume a nation-state type attacker like the NSA could easily do an order of magnitude or more above this--say, 3.5 trillion hashes per second as a conservative estimate. Therefore, the time in seconds, on average, it would take to crack a NanoWarpWallet by brute force would be 2^{bits of entropy} * 0.5 / (hashrate of attacker).

The bits of entropy of a piece of a passphrase can therefore be calculated by taking log_{2} of the number of possibilites that could exist for that piece. If you take a random single lower-case letter, for example, you have 27 possible choices, and log_{2}27 = 4.75 bits of entropy. Bits of entropy of pieces of a passphrase can be added together. Therefore, a passphrase with 8 random lower-case letters has an entropy of ~ 4.75 * 8 = 38 bits of entropy. That would mean the total key-space of the passphrase would be 2^{38} = 274,877,906,944. However, if those 8 lower case letters are not actually random and are instead parts of an english word, the entropy of each of those letters because they were not actually generated randomly. Therefore, using a "random phrase" from a book, or a random phrase you invent, is not a very good passphrase. The best way to make a secure and memorable passphrase is to use something like this passphrase generator, which is based on the Diceware method. Then, use a mnemonic peg system to memorize it easily and reliably.

The author of NanoWarpWallet, a fork of the original WarpWallet, is Gray Olson, an artist, photographer, programmer, and overall geek living in Phoenix, AZ. You can see more about her at grayolson.me

The authors of the original WarpWallet are Max Krohn and Chris Coyne, co-founders of OkCupid, SparkNotes, and a bunch of other toys. They say: "Good day to you! We recently left OkCupid after 9 years, so we have a lot of time on our hands. Please follow us on twitter if you care to hear about this kind of thing."

*NanoWarpWallet* is of course offered without any warranty of any kind;
if you lose your Nano due to a bug in this software, your keystrokes being
recorded on a malware-infested XP rig from 2003, a weak passphrase, or even a typo,
I am sorry in the most respectful way, but I cannot help you. Of course if you're messing around with Nano, you know how dangerous it is.

Consider using an air-gapped computer when generating Nano addresses. The nice thing about NanoWarpWallet is you don't have to worry about concealing your private key afterwards. Just don't forget your passphrase.

v - Gray Olson 2017